Check an IP Address, Domain Name, Subnet, or ASN

192.253.248.169 was found in our database!

$ whois 192.253.248.169

country·🇮🇷 Iran

isp·Limited Network LTD

asn·AS213790

network·Standard

$ sikker risk 192.253.248.169scoring →

confidence

100%Very High

first_seen·Mar 31, 2026

last_seen·3d ago

first_reported·Apr 27, 2026

last_reported·23h ago

sessions·6,644

events·6,644

reports·28

$ sikker protocols 192.253.248.169

HTTPS

4,384 / 4,384 / 28r

HTTP

2,260 / 2,260

$ sikker summary 192.253.248.169

192.253.248.169 has a threat confidence score of 100%. This IP address from Iran (AS213790, Limited Network LTD) has been observed in 6,644 honeypot sessions and reported 28 times targeting HTTPS, HTTP protocols. Detected attack patterns include https dotenv environment file exposure probe, http dotenv file exposure probe. First observed on March 31, 2026, most recently active May 10, 2026.

$ sikker behaviors 192.253.248.169catalog →

highHttps Dotenv Environment File Exposure Probe461x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

highHttp Dotenv File Exposure Probe244x

Identifies HTTP GET requests targeting the /.env file, indicating attempts to access exposed environment configuration files commonly containing application secrets such as database credentials, API keys, and service tokens.

infoHttp Root Path Request1322x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Http Method Get1321x

HTTP request using GET method.

infoHttps Root Path Request105x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Bad Request Route Probe5x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 192.253.248.169

http_method_get1833 https_path_dotenv693 http_path_dotenv439 https_path_root115 https_path_app_dotenv53 https_path_dotenv_local31 https_path_dotenv_production31 https_index_php_root_request28 https_path_dotenv_development27 http_path_app_dotenv26 http_path_dotenv_local17 http_path_dotenv_production16 http_path_dotenv_development15 http_request_path_root_env_file12 http_path_bad_request8 https_path_config_json4 http_path_config_json3

$ sikker reports 192.253.248.169submit →

Showing 5 of 25 reports (28 total) from 1 contributor

Reporter	Date	Category	Protocol	Comment
Anonymous	May 10, 2026, 09:09	Brute Force	HTTPS	SikkerGuard: 75 blocked packets
Anonymous	May 9, 2026, 23:09	Brute Force	HTTPS	SikkerGuard: 75 blocked packets
Anonymous	May 9, 2026, 13:08	Brute Force	HTTPS	SikkerGuard: 78 blocked packets
Anonymous	May 9, 2026, 03:38	Brute Force	HTTPS	SikkerGuard: 75 blocked packets
Anonymous	May 8, 2026, 11:38	Brute Force	HTTPS	SikkerGuard: 644 blocked packets

1 / 5

$ sikker related 192.253.248.169

🇮🇷·More threats fromIran→AS·More threats fromLimited Network LTD→HTTP·More threats targetingHTTPS→HTTP·More threats targetingHTTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
172.94.9.187	23%	1
192.253.248.111	23%	3
185.93.89.17	89%	101
172.94.9.253	100%	3,000
192.253.248.108	23%	1

IP Address	Confidence	Events
94.183.155.163	46%	9
172.94.9.187	23%	1
192.253.248.111	23%	3
185.93.89.17	89%	101
172.94.9.253	100%	3,000